Lucene search: Cisco, most viewed

5226 matches found

Cisco | added 2020/11/18 4:00 p.m. | 38 views

Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability

A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit th...

CVSS 8.7 | AI score 1.9 | EPSS 0.01
Exploits: 0 | References: 1
Cisco | added 2020/11/18 4:00 p.m. | 38 views

Cisco IoT Field Network Director File Overwrite Vulnerability

A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API request...

CVSS 4.9 | AI score 5.7 | EPSS 0.01434
Exploits: 0 | References: 1
Cisco | added 2020/11/04 4:00 p.m. | 38 views

Cisco SD-WAN vManage Software Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system. The vulnerability is due to insufficient authorization checking on an affected system. A...

CVSS 6.5 | AI score 6.8 | EPSS 0.00786
Exploits: 3 | References: 1
Cisco | added 2020/11/04 4:00 p.m. | 38 views

Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability

A vulnerability in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Service on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is...

CVSS 4.3 | AI score 5.5 | EPSS 0.0115
Exploits: 0 | References: 1
Cisco | added 2020/09/24 4:00 p.m. | 38 views

Cisco IOS XE Software for Catalyst 9800 Series and Cisco AireOS Software for Cisco WLC Flexible NetFlow Version 9 Denial of Service Vulnerability

A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers and Cisco AireOS Software for Cisco Wireless LAN Controllers (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) conditi...

CVSS 8.6 | AI score 8.4 | EPSS 0.01374
Exploits: 0 | References: 1
Cisco | added 2020/09/24 4:00 p.m. | 38 views

Cisco IOS XE Software IOx Guest Shell USB SSD Namespace Protection Privilege Escalation Vulnerability

A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability...

CVSS 6.8 | AI score 6.6 | EPSS 0.00324
Exploits: 0 | References: 1
Cisco | added 2020/08/29 3:00 a.m. | 38 views

Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities

Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually cras...

CVSS 8.6 | AI score 8.4
Exploits: 0 | References: 1
Cisco | added 2020/08/26 4:00 p.m. | 38 views

Cisco NX-OS Software Data Management Engine Remote Code Execution Vulnerability

A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input...

CVSS 8.8 | AI score 8.9 | EPSS 0.00761
Exploits: 0 | References: 1
Cisco | added 2020/08/19 4:00 p.m. | 38 views

Cisco Small Business Smart and Managed Switches Denial of Service Vulnerability

A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. A...

CVSS 5.3 | AI score 1.9 | EPSS 0.01737
Exploits: 0 | References: 1
Cisco | added 2020/07/01 4:00 p.m. | 38 views

Cisco Small Business Smart and Managed Switches Session Management Vulnerability

A vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to defeat authentication protections and gain unauthorized access to the management interface. The attacker could obtain the...

CVSS 8.1 | AI score 1.9 | EPSS 0.03043
Exploits: 0 | References: 1
Cisco | added 2020/06/17 4:00 p.m. | 38 views

Cisco UCS Director Path Traversal Vulnerability

A vulnerability in the orchestration tasks of Cisco UCS Director could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input on the web-based management interface. An attacker...

CVSS 6.5 | AI score 2 | EPSS 0.01982
Exploits: 0 | References: 1
Cisco | added 2020/06/17 4:00 p.m. | 38 views

Cisco Small Business RV Series Routers Command Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected...

CVSS 7.2 | AI score 4.4
Exploits: 0 | References: 1
Cisco | added 2020/06/03 4:00 p.m. | 38 views

Cisco IOx for IOS XE Software Privilege Escalation Vulnerability

A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests fo...

CVSS 9.8 | AI score 1.7 | EPSS 0.03408
Exploits: 0 | References: 1
Cisco | added 2020/06/03 4:00 p.m. | 38 views

Cisco IOS XE Software Catalyst 9800 Series Wireless Controllers Denial of Service Vulnerability

A vulnerability in the handling of IEEE 802.11w Protected Management Frames (PMFs) of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device. The vulnerabilit...

CVSS 4.7 | AI score 2.4 | EPSS 0.00468
Exploits: 0 | References: 1
Cisco | added 2020/01/22 4:00 p.m. | 38 views

Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-suppli...

CVSS 6.1 | AI score 1.3 | EPSS 0.01066
Exploits: 0 | References: 1
Cisco | added 2019/09/18 4:00 p.m. | 38 views

Cisco HyperFlex Software Cross-Frame Scripting Vulnerability

A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerabilit...

CVSS 6.5 | AI score 0.8 | EPSS 0.01206
Exploits: 0 | References: 1
Cisco | added 2019/05/15 4:00 p.m. | 38 views

Cisco AnyConnect Secure Mobility Client for Linux Out-of-Bounds Memory Read Vulnerability

A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system. The vulnerability exists because the affected software performs improper bounds checks. An attacker...

CVSS 4.8 | AI score 0.8 | EPSS 0.01563
Exploits: 0 | References: 1
Cisco | added 2019/05/01 4:00 p.m. | 38 views

Cisco Adaptive Security Appliance and Firepower Threat Defense Software WebVPN Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the WebVPN portal of an affected device. Th...

CVSS 4.8 | AI score 5.1 | EPSS 0.00878
Exploits: 0 | References: 1
Cisco | added 2019/05/01 4:00 p.m. | 38 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Lightweight Directory Access Protocol Denial of Service Vulnerability

A vulnerability in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial ...

CVSS 6.8 | AI score 7.2 | EPSS 0.02028
Exploits: 0 | References: 1
Cisco | added 2019/05/01 4:00 p.m. | 38 views

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Unmeasured Boot Vulnerability

A vulnerability in the Trusted Platform Module (TPM) functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device. The...

CVSS 4.2 | AI score 4.4 | EPSS 0.00144
Exploits: 0 | References: 1
Cisco | added 2019/05/01 4:00 p.m. | 38 views

Cisco Umbrella Dashboard Session Management Vulnerability

A vulnerability in the session management functionality of the web UI for the Cisco Umbrella Dashboard could allow an authenticated, remote attacker to access the Dashboard via an active, user session. The vulnerability exists due to the affected application not invalidating an existing session...

CVSS 7.6 | AI score 1.3 | EPSS 0.01484
Exploits: 0 | References: 1
Cisco | added 2018/10/03 4:00 p.m. | 38 views

Cisco Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability

A vulnerability in the FTP inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to releas...

CVSS 8.6 | AI score 6.5 | EPSS 0.0112
Exploits: 0 | References: 1
Cisco | added 2018/09/26 4:00 p.m. | 38 views

Cisco IOS XE Software Cisco Discovery Protocol Memory Leak Vulnerability

A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 16.6.1 and 16.6.2 could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain C...

CVSS 7.4 | AI score 1.5 | EPSS 0.00848
Exploits: 0 | References: 1
Cisco | added 2018/09/05 4:00 p.m. | 38 views

Cisco Enterprise NFV Infrastructure Software Denial of Service Vulnerability

A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a denial of service (DoS) attack against an affected system. The vulnerability is due to insufficient validation of user-provided input...

CVSS 4.9 | AI score 2 | EPSS 0.01477
Exploits: 0 | References: 1
Cisco | added 2018/07/18 4:00 p.m. | 38 views

Cisco Policy Suite Policy Builder Unauthenticated Access Vulnerability

A vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an unauthenticated, remote attacker to access the Policy Builder interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by accessing the Policy Builder interfac...

CVSS 9.8 | AI score 1.2 | EPSS 0.02725
Exploits: 0 | References: 1
Cisco | added 2018/07/18 4:00 p.m. | 38 views

Cisco SD-WAN Solution Zero Touch Provisioning Denial of Service Vulnerability

A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checks for certain values in packets that are sent to...

CVSS 7.5 | AI score 2.3 | EPSS 0.02012
Exploits: 0 | References: 1
Cisco | added 2018/06/06 4:00 p.m. | 38 views

Cisco WebEx Cross-Site Scripting Vulnerability

A vulnerability in the web framework of the https://try.webex.com page of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation...

CVSS 6.1 | AI score 6.1 | EPSS 0.02011
Exploits: 0 | References: 1
Cisco | added 2018/05/16 4:00 p.m. | 38 views

Cisco Enterprise NFV Infrastructure Software Web Management Interface Path Traversal Vulnerability

A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient validation of web request parameters. An attacker w...

CVSS 6.5 | AI score 2.4 | EPSS 0.01907
Exploits: 0 | References: 1
Cisco | added 2018/05/16 4:00 p.m. | 38 views

Cisco Digital Network Architecture Center Static Credentials Vulnerability

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, static user credentials. The vulnerability is due to the presence of undocumented, static user...

CVSS 10 | AI score 2.6 | EPSS 0.0379
Exploits: 0 | References: 1
Cisco | added 2018/04/18 4:00 p.m. | 38 views

Cisco StarOS IPsec Manager Denial of Service Vulnerability

A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being...

CVSS 5.3 | AI score 1.1 | EPSS 0.03286
Exploits: 0 | References: 1
Cisco | added 2018/03/28 4:00 p.m. | 38 views

Cisco IOS Software Integrated Services Module for VPN Denial of Service Vulnerability

A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of VPN traffi...

CVSS 8.6 | AI score 2.3 | EPSS 0.07074
Exploits: 0 | References: 1
Cisco | added 2018/03/28 4:00 p.m. | 38 views

Cisco IOS XE Software Zone-Based Firewall IP Fragmentation Denial of Service Vulnerability

A vulnerability in the Zone-Based Firewall code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a device to reload. The vulnerability is due to the way fragmented packets are handled in the firewall code. An attacker could exploit this vulnerability by sending...

CVSS 8.6 | AI score 1.9 | EPSS 0.02743
Exploits: 0 | References: 1
Cisco | added 2018/03/07 4:00 p.m. | 38 views

Cisco StarOS CLI Command Injection Vulnerability

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating system. The vulnerability is due to insufficient validati...

CVSS 6.7 | AI score 3.6 | EPSS 0.00466
Exploits: 0 | References: 1
Cisco | added 2018/02/07 4:00 p.m. | 38 views

Cisco StarOS for Cisco ASR 5000 Series Aggregation Services Routers File Overwrite Vulnerability

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient...

CVSS 4.4 | AI score 1.8 | EPSS 0.00376
Exploits: 0 | References: 1
Cisco | added 2018/01/17 4:00 p.m. | 38 views

Cisco Identity Services Engine DOM Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The...

CVSS 6.1 | AI score 1.7 | EPSS 0.0122
Exploits: 0 | References: 1
Cisco | added 2017/11/29 4:00 p.m. | 38 views

Cisco Email Security Appliance Header Bypass Vulnerability

A vulnerability in the Simple Mail Transfer Protocol (SMTP) header filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper handling...

CVSS 5.8 | AI score 5.6 | EPSS 0.01638
Exploits: 0 | References: 1
Cisco | added 2017/09/27 4:00 p.m. | 38 views

Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerabilities

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper...

CVSS 8.6 | AI score 2.2
Exploits: 0 | References: 1
Cisco | added 2017/08/16 4:00 p.m. | 38 views

Cisco AnyConnect WebLaunch Cross-Site Scripting Vulnerability

The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected software. The vulnerability is due to insufficient input...

CVSS 6.1 | AI score 6.1 | EPSS 0.0122
Exploits: 0 | References: 1
Cisco | added 2017/08/02 4:00 p.m. | 38 views

Cisco Firepower System Software Secure Sockets Layer Policy Bypass Vulnerability

A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. The vulnerability is due to unexpected...

CVSS 5.3 | AI score 7.5 | EPSS 0.01162
Exploits: 0 | References: 1
Cisco | added 2017/08/02 4:00 p.m. | 38 views

Cisco Meeting Server H.264 Protocol Denial of Service Vulnerability

A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected application does not properly validate...

CVSS 5.8 | AI score 7.5 | EPSS 0.02322
Exploits: 0 | References: 1
Cisco | added 2017/05/17 4:00 p.m. | 38 views

Cisco UCS C-Series Rack Servers TCP Port Denial of Service Vulnerability

A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this...

CVSS 5.8 | AI score 7.5 | EPSS 0.02139
Exploits: 0 | References: 1
Cisco | added 2017/04/05 4:00 p.m. | 38 views

Cisco Wireless LAN Controller 802.11 WME Denial of Service Vulnerability

A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the 802.11 WM...

CVSS 7.4 | AI score 6.5 | EPSS 0.00779
Exploits: 0 | References: 1
Cisco | added 2017/04/05 4:00 p.m. | 38 views

Cisco Integrated Management Controller Redirection Vulnerability

A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of parameters in HTTP requests. An attacker could exploit...

CVSS 4.7 | AI score 6.3 | EPSS 0.01201
Exploits: 0 | References: 1
Cisco | added 2017/04/05 4:00 p.m. | 38 views

Cisco IOS XR Software Denial of Service Vulnerability

A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS) condition. The vulnerability ...

CVSS 5.3 | AI score 5.5 | EPSS 0.02045
Exploits: 0 | References: 1
Cisco | added 2017/02/08 4:00 p.m. | 38 views

Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability

A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this...

CVSS 8.8 | AI score 8.7 | EPSS 0.1476
Exploits: 1 | References: 1
Cisco | added 2017/02/01 4:00 p.m. | 38 views

Cisco Firepower URL Bypass Vulnerability

A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content. The vulnerability is due to insufficient input validation checks within the system's access control rule criteria. An...

CVSS 5.8 | AI score 5.7 | EPSS 0.01853
Exploits: 0 | References: 1
Cisco | added 2016/01/19 8:00 a.m. | 38 views

Cisco Web Security Appliance Security Bypass Vulnerability

A vulnerability in the proxy engine of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by crafting an imprope...

CVSS 5 | AI score 7.6 | EPSS 0.02082
Exploits: 0 | References: 1
Cisco | added 2015/12/08 12:00 a.m. | 38 views

Cisco Wireless Residential Unauthorized Command Vulnerability

A vulnerability with web interface access authentication of the Cisco EPC3928 Wireless Residential Gateway could allow an unauthenticated, remote attacker to issue a subset of commands as the administrator without authenticating to the device. The vulnerability is due to lack of authentication...

CVSS 6.4 | AI score 7.9 | EPSS 0.07628
Exploits: 4 | References: 1
Cisco | added 2015/10/28 8:58 p.m. | 38 views

Cisco ASR 5500 SAE Gateway BGP Denial of Service Vulnerability

A vulnerability in the Border Gateway Protocol (BGP) input packet handler in the Cisco ASR 5500 System Architecture Evolution (SAE) Gateway could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition because the BGP process restarts unexpectedly. The vulnerabili...

CVSS 5 | AI score 6.5 | EPSS 0.01744
Exploits: 0 | References: 1
Cisco | added 2015/10/28 8:00 a.m. | 38 views

Cisco Unified Communications Domain Manager URI Enumeration Vulnerability

A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to map a file system structure. The vulnerability is due to different handling of existent and nonexistent paths. An attacker could exploit this vulnerability by enumerating all possible...

CVSS 4.3 | AI score 6.5 | EPSS 0.01816
Exploits: 0 | References: 1
Total number of security vulnerabilities: 5000